Re: HTTPS access to Bugzilla?

From: Luis Villa <louie ximian com>
To: Derek Atkins <warlord MIT EDU>
Cc: bugsquad <gnome-bugsquad gnome org>
Subject: Re: HTTPS access to Bugzilla?
Date: 21 Jul 2002 09:10:28 -0400

For a variety of reasons, Bugzilla is badly insecure. You should not be
using a valued password in it, whether or not we offered https on the
login page. I suppose this should probably be mentioned on the password
creation page.
Luis

On Tue, 2002-07-16 at 05:03, Derek Atkins wrote:
> Hi,
> 
> I'm in a location where I do not trust my network access, and I do not
> want to type my Bugzilla username/password over the network in the
> clear.  How hard would it be for you guys to add an HTTPS service for
> bugzilla?  Even a self-signed server cert would be better than
> nothing.  If nothing else, using HTTPS for user-login would go a long
> way if you don't want to allow protection of all bug-tracking
> transactions.
> 
> Thanks,
> 
> -derek
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord MIT EDU                        PGP key available
> _______________________________________________
> Gnome-bugsquad mailing list
> Gnome-bugsquad gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-bugsquad
>

Follow-Ups:
- Re: HTTPS access to Bugzilla?
  - From: Derek Atkins

References:
- HTTPS access to Bugzilla?
  - From: Derek Atkins

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]